Appalbarry writes:
"Microsoft is about to abandon Windows XP to the wolves. Fair enough it's ancient. However, there are still going to be a lot of XP boxes out there, and a fair number of them are unlikely to ever get upgraded until the hardware dies.
My question is: what's available to help make this old OS stay reasonably secure and safe for the people who can't or won't abandon it?
Over the years I've been through Central Point Antivirus, Norton, McAfee, AVG, stuff like Zone Alarm, and of course the various Microsoft anti-malware offerings. But since moving over to Linux I really haven't kept up on the wild and wonderful world of Windows security tools.
Suggestions?"
(Score: 5, Informative) by Popeidol on Wednesday March 05 2014, @08:02AM
The best options are, of course: Disconnect from all networks, or run XP as a VM and always boot to a clean image.
If you do need physical network-connected boxes, there's still a few steps you can take to mitigate the risk.
You could also try a product like Deep Freeze [faronics.com] which resets the OS partition to a known clean state after each reboot (careful where you save your data!).
Given the time and money it'd take, it's probably easiest just to keep a strong backup system and prepare to replace it when the inevitable happens.
(Score: 1) by BradleyAndersen on Wednesday March 05 2014, @02:00PM
that's exactly why there will always be XP machines around
(Score: 2, Informative) by tibman on Wednesday March 05 2014, @03:44PM
Sandboxie is a good option as well. You can run any application that does outside communication or consumes media inside a sandboxie container.
When an application writes to disk it is virtual. To the application (and any other application in the container) the data is there. You can explore this data or just wipe it. Makes it easy to export configs, downloads, or anything that your applications generate back to the real file-system.
The only gotcha is applications that require admin access to run. Pretty sure they can punch through the container or do things that sandboxie can't control.
SN won't survive on lurkers alone. Write comments.
(Score: 2, Informative) by _NSAKEY on Wednesday March 05 2014, @05:25PM
In regards to reducing the attack surface, I always felt that the part about disabling services in this guide was fun: https://web.nvd.nist.gov/view/ncp/repository/check list/download?id=125 [nist.gov] I spent a weekend in 2007 or so making my own custom XP image that was stripped down and hardened to the "SSLF Laptop" guidelines.
(Score: 1) by Common Joe on Thursday March 06 2014, @06:35AM
Is there any good way to authorize an XP box without an Internet connection or do we still have to call up Microsoft? (Haven't done it in a while.)